Fatal IT mistake No. 4: The porn identity
Late one evening a couple years back, a network admin for a Fortune 100 firm was looking for an empty backup tape. He grabbed one from the desk drawer of a senior system administrator and popped it into the drive, but was surprised to find it was already full of data. What, he wondered, could be on it? So he looked at it.
You can guess what he found.
"It was filled with porn," says Dave Amsler, president and CIO of Foreground Security, which was called in to handle the incident. "And so were dozens of other 'blank' tapes in the admin's desk. There was nothing illegal on any of the tapes, thank goodness. Still, he was terminated on the spot."
Yet that's hardly the worst Amsler has seen in his 14 years with Foreground, which provides managed security services for major U.S. corporations and government agencies. Amsler says he's been called in to deal with porn problems for at least 10 clients. Twice he found IT employees running adult sites on company servers. In those cases, the personnel suddenly found themselves with lots more spare time to pursue their hobbies.
Porn filters are useless against this kind of behavior because the IT guys know how to turn them off. Even when organizations have strict policies and filters in place, high-level admins often exempt themselves from these restrictions, says Amsler.
"Sometimes rightfully so," he adds. "Often high-level admins need to get to sites that would normally be blocked in order to do their jobs. But that doesn't mean they shouldn't at least be monitored. Even good people end up doing things they normally wouldn't when they think no one's watching. If the admin knows he's being watched, that would eliminate a significant portion of this behavior."
Moral of the story: Some things are better done at home.
Fatal IT mistake No. 5: Keeping the wrong secrets
Until recently, Dana B. was a network engineer at a major U.S. Internet provider. One day, a former colleague was told to change the IP addresses on some production routers. Because these changes could impact Internet subscribers, taking them briefly offline, the ISP typically made such changes overnight.
But this engineer didn't like to stay late, so he changed the addresses at the end of the day before he went home, then turned off his phone so that nobody would disturb him during his off-hours.
That was his first mistake. His bigger mistake was that he consistently refused to document anything he'd done, says Dana. That meant he had no idea which IP addresses he had already used in the past -- and neither did anyone else.
After he left, the interfaces failed to come up because their IP addresses had already been used, leaving nearly 5,000 subscribers without Internet access. When other engineers tried to call him to figure out what went wrong, they couldn't reach him.
"It took a team of five network engineers several hours to find the issue and correct the problems," says Dana. "The next day he came in and was promptly walked out."
Moral of the story: Some secrets are better left unkept.